Some current arrangements for verification of user identity in a communication system are susceptible to compromise in the event of hacking. For example, if a user makes a purchase from an on-line retailer, the user's name and password, or possibly his credit card number or other important data, is stored by the retailer at the retailer's computer or server. It is a fact that such online computers or servers may be penetrated by hackers or malfeasors. Once penetrated, the user's name and password, credit-card number or other data may be accessed by the hacker, and possibly misused. Firewalls are used with computers and servers in an attempt to avoid having a server penetrated. However, firewalls are not perfect, and it is not clear that conventional methods for protecting such data are effective. The only way to be sure that important information is not compromised is to avoid placing it on a server connected to a communications system.
In general, cryptography does not solve the problem of penetration of the user's server or computer, although it may be useful for protection of the data while it is in transit. Even for that use, however, public-key cryptography may not be as useful as it seems, as it tends to be somewhat difficult to use, because both the public and private keys tend to be very large numbers which cannot be remembered by the users, and therefore require storage on a separate module such as a floppy disk. Thus, existing protections against loss of identity information to a successful hacker may not be as effective as it might be.
Additional protection is desired for information stored on a communications server or computer.